A secure and traceable E-DRM system based on mobile device
Source: Expert Systems with Applications, Vol. 35, No. 3, pp. 878-886, 2008
Authors: Chin-Ling Chen
Reporter: Ya-Chieh Huang
Date: 2009/3/19
Outline
  Introduction
  The proposed mobile E-DRM scheme
    Package Phase
    Register Phase
    Authorization Phase
  Analyses
  Conclusions
Introduction (1/2)
  Author
  Mobile User (MU)
  Package Server (PS)
  Content Server (CS)
  License Server (LS)
Introduction (2/2)
  The file structure of the mobile E-DRM system
Notations
Parameter / Usage
  The timestamp
  The time constant
  The digital certificate
  The ith one-time password
  The initial random seed number
  The ith request random number, N0 = SEED
  The DRM format digital content
  International Mobile Equipment Identification
  The content identity
  The authorization request message of the mobile user
  The symmetric key used to encrypt/decrypt the digital content
  Use X's public/secret key to sign a message m
  Two collision-free one-way hash functions
Package Phase (1/4)
The author creates the digital content and then sends it to the PS.
Diagram (PS, CS):
  Packs the digital content (M)
  Generates KEYCID
  Generates the content header (CH)
  Integrates C and CH into the mobile E-DRM format file
Package Phase (2/4)
Diagram (PS, CS):
  Stores the mobile E-DRM format file
Package Phase (3/4)
Diagram (PS, LS):
  Stores
Package Phase (4/4)
After connecting to the public directory of the CS, the MU:
  Downloads
    1. the mobile E-DRM format file
    2. the corresponding tamper-resistant DRM-AP
  Learns the authorization authority URL
Register Phase
Diagram (DRM-AP, AA, LS):
  Cert, IMEI
  Verifies Cert
  Generates SEED
  Stores Cert, IMEI, and SEED
  SEED
  IMEI, Cert
Authorization Phase (1/3)
The tamper-resistant DRM-AP tries to open the protected digital content (for the ith time).
Diagram (DRM-AP, AA):
  Generates
  Checks
  Verifies
  Finds
Authorization Phase (2/3)
Diagram (DRM-AP, AA):
  Computes
  Generates
  Stores
  Stores
Authorization Phase (3/3)
Diagram (DRM-AP, AA, LS):
  Compares with
Analyses
  Security issues
    No attacker can impersonate the legal party
    Protection against replay attacks
  Persistent protection issues
  Integrity issues
  Track usage of E-DRM work issues
  Integration with existing applications issues
  Portability issues
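Added example (not from the paper or these slides): a sketch of how a seed-initialised request chain with a timestamp window gives the replay resistance claimed above. The slide formulas did not survive, so the derivations N_i = H1(N_{i-1}) and OTP_i = H2(N_i, IMEI, CID, T), the SHA-256 instantiation of both hashes, the 30 s window, the boolean certificate check, and all function and class names are assumptions.

```python
import hashlib, hmac, os

DELTA_T = 30  # assumed value for the "time constant" (seconds)

def h1(data: bytes) -> bytes:  # assumed instantiation of the first hash
    return hashlib.sha256(b"H1|" + data).digest()

def h2(data: bytes) -> bytes:  # assumed instantiation of the second hash
    return hashlib.sha256(b"H2|" + data).digest()

def make_request(prev_n: bytes, imei: str, cid: str, ts: int):
    """Advance N_{i-1} -> N_i and derive OTP_i bound to IMEI, CID and T."""
    n_i = h1(prev_n)
    otp = h2(n_i + f"|{imei}|{cid}|{ts}".encode())
    return n_i, {"imei": imei, "cid": cid, "ts": ts, "otp": otp}

class AuthorizationAuthority:
    def __init__(self):
        self.state = {}  # IMEI -> last accepted N_i, with N_0 = SEED

    def register(self, imei: str, cert_valid: bool) -> bytes:
        # Certificate verification is abstracted to a boolean (assumption).
        if not cert_valid:
            raise PermissionError("certificate rejected")
        seed = os.urandom(32)
        self.state[imei] = seed
        return seed

    def authorize(self, req: dict, now: int) -> bool:
        prev = self.state.get(req["imei"])
        if prev is None or abs(now - req["ts"]) > DELTA_T:
            return False  # unregistered device or stale timestamp
        n_i, expected = make_request(prev, req["imei"], req["cid"], req["ts"])
        if not hmac.compare_digest(expected["otp"], req["otp"]):
            return False
        self.state[req["imei"]] = n_i  # advance: the same OTP never verifies twice
        return True

def demo():
    aa = AuthorizationAuthority()
    imei = "490154203237518"  # constructed sample IMEI
    seed = aa.register(imei, cert_valid=True)
    n1, req1 = make_request(seed, imei, "CID-001", ts=1000)
    first = aa.authorize(req1, now=1005)    # fresh request
    replay = aa.authorize(req1, now=1006)   # captured request sent again
    _, req2 = make_request(n1, imei, "CID-001", ts=1010)
    stale = aa.authorize(req2, now=1010 + DELTA_T + 1)  # outside the window
    second = aa.authorize(req2, now=1012)   # same request delivered in time
    return first, replay, stale, second
```

A rejected request leaves the stored state untouched, so a delayed or forged message cannot desynchronise the device from the AA.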
Conclusions
  Portability
  Security
  Low computation cost